Add credentials to same-origin Report uploads
When the reporting endpoint is same-origin with the page generating
reports, the reporting API specifies that credentials should be included
with the report delivery.
This change enables that behaviour for V1 reporting endpoints only --
any endpoints configured with the Report-To header are unaffected. This
CL corrects the way that we distinguish V0 from V1 endpoints at delivery
time, which also corrects the metrics collection for delivered reports,
and adds a test for a case which was previously missed.
Bug: 1163645
Change-Id: I8fcd934b3026b57374e7e7df31c9af9a8d93962d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3169200
Reviewed-by: Matt Menke <[email protected]>
Reviewed-by: Maksim Orlovich <[email protected]>
Reviewed-by: Ken Buchanan <[email protected]>
Reviewed-by: Mike West <[email protected]>
Reviewed-by: Christian Dullweber <[email protected]>
Commit-Queue: Ian Clelland <[email protected]>
Cr-Commit-Position: refs/heads/main@{#929239}
diff --git a/net/reporting/reporting_test_util.cc b/net/reporting/reporting_test_util.cc
index d3a637a..9f56dfa 100644
--- a/net/reporting/reporting_test_util.cc
+++ b/net/reporting/reporting_test_util.cc
@@ -17,6 +17,7 @@
#include "base/test/simple_test_clock.h"
#include "base/test/simple_test_tick_clock.h"
#include "base/timer/mock_timer.h"
+#include "net/base/isolation_info.h"
#include "net/base/network_isolation_key.h"
#include "net/reporting/reporting_cache.h"
#include "net/reporting/reporting_context.h"
@@ -38,13 +39,13 @@
public:
PendingUploadImpl(const url::Origin& report_origin,
const GURL& url,
- const NetworkIsolationKey& network_isolation_key,
+ const IsolationInfo& isolation_info,
const std::string& json,
ReportingUploader::UploadCallback callback,
base::OnceCallback<void(PendingUpload*)> complete_callback)
: report_origin_(report_origin),
url_(url),
- network_isolation_key_(network_isolation_key),
+ isolation_info_(isolation_info),
json_(json),
callback_(std::move(callback)),
complete_callback_(std::move(complete_callback)) {}
@@ -68,7 +69,7 @@
private:
url::Origin report_origin_;
GURL url_;
- NetworkIsolationKey network_isolation_key_;
+ IsolationInfo isolation_info_;
std::string json_;
ReportingUploader::UploadCallback callback_;
base::OnceCallback<void(PendingUpload*)> complete_callback_;
@@ -103,15 +104,15 @@
TestReportingUploader::TestReportingUploader() = default;
TestReportingUploader::~TestReportingUploader() = default;
-void TestReportingUploader::StartUpload(
- const url::Origin& report_origin,
- const GURL& url,
- const NetworkIsolationKey& network_isolation_key,
- const std::string& json,
- int max_depth,
- UploadCallback callback) {
+void TestReportingUploader::StartUpload(const url::Origin& report_origin,
+ const GURL& url,
+ const IsolationInfo& isolation_info,
+ const std::string& json,
+ int max_depth,
+ bool eligible_for_credentials,
+ UploadCallback callback) {
pending_uploads_.push_back(std::make_unique<PendingUploadImpl>(
- report_origin, url, network_isolation_key, json, std::move(callback),
+ report_origin, url, isolation_info, json, std::move(callback),
base::BindOnce(&ErasePendingUpload, &pending_uploads_)));
}
@@ -231,8 +232,10 @@
void ReportingTestBase::SetV1EndpointInCache(
const ReportingEndpointGroupKey& group_key,
const base::UnguessableToken& reporting_source,
+ const IsolationInfo& isolation_info,
const GURL& url) {
- cache()->SetV1EndpointForTesting(group_key, reporting_source, url);
+ cache()->SetV1EndpointForTesting(group_key, reporting_source, isolation_info,
+ url);
}
bool ReportingTestBase::EndpointExistsInCache(
